Configuration Example - H3C S7500 Series Operation Manual

Operation Manual – ACL
H3C S7500 Series Ethernet Switches
Apply one rule in a link type ACL
Apply all rules in a user-defined ACL
Apply one rule in a user-defined ACL
Apply one rule in an IP type ACL and
one rule in a link type ACL
simultaneously
Table 1-20 Parameters description of ACL combinations
Parameter
ip-group
{ acl-number |
acl-name }
link-group
{ acl-number |
acl-name }
user-group
{ acl-number |
acl-name }
rule-id

1.9.3 Configuration Example

# Apply ACL 2100 on Ethernet 2/0/1 to filter inbound packets.
<H3C> system-view
[H3C] interface Ethernet 2/0/1
[H3C-Ethernet2/0/1] qos
[H3C-qoss-Ethernet2/0/1] packet-filter inbound ip-group 2100
Combination mode
Basic and advanced ACL.
acl-number: ACL number of basic and advanced ACL, ranging
from 2,000 to 3,999.
acl-name: ACL name, up to 32 characters long, beginning with an
English letter (a to z or A to Z) without space and quotation mark,
case insensitive.
Layer 2 ACL
acl-number: ACL number of the Layer 2 ACL, ranging from 4,000
to 4,999.
acl-name: ACL name, up to 32 characters long, beginning with an
English letter (a to z or A to Z) without space and quotation mark,
case insensitive.
User-defined ACL
acl-number: ACL number of the user-defined ACL, ranging from
5,000 to 5,999.
acl-name: ACL name, up to 32 characters long, beginning with an
English letter (a to z or A to Z) without space and quotation mark,
case insensitive.
ACL rule number, ranging from 0 to 127. If this argument is not
specified, all rules in the specified ACL will be applied.
Form of acl-rule
link-group { acl-number | acl-name } rule
rule-id
user-group { acl-number | acl-name }
user-group { acl-number | acl-name } rule
rule-id
ip-group { acl-number | acl-name } rule
rule-id link-group { acl-number | acl-name }
rule rule-id
Remarks
1-21
Chapter 1 ACL Configuration